In an agreement announced today, IBM joins the sponsors of the FAIR Institute, the nonprofit organization educating the business, technical and academic communities on Factor Analysis of Information Risk (FAIR™).
FAIR is rapidly gaining acceptance as the international standard for cyber and operational risk analysis and quantification, helping organizations apply the traditional financial analytics of business decision-making to cybersecurity investment. The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), the COSO Enterprise Risk Management Framework, and the National Association of Corporate Directors (NACD) Cyber Risk Oversight Handbook all recommend the use of FAIR.
"The sponsorship of FAIR Institute is a key initiative for IBM,” said Julian Meyrick, Managing Partner & Vice President, Security Transformation Services at IBM Security.
“The FAIR methodology is accredited as an Open Group industry standard and is recognized as complementary to widely adopted risk frameworks our clients use such as NIST CSF, ISO 27001 and COSO,” Meyrick continued. “A number of our key clients have adopted the FAIR methodology and we are using this approach to assess, reduce and manage the many security risks associated with their digital business transformations. This strategic alliance will assist our clients in prioritizing their scarce resources to efficiently address the increasing cyber risks that they face.”
IBM’s sponsorship will support the Institute’s annual FAIR Conference, programs at the 23 local chapters around the world, the university outreach program, and the Institute’s ongoing research and thought leadership on risk analysis and risk management. The 10,000-plus Institute members come from 120 countries and represent 45% of Fortune 1000 companies and 25% of Forbes Global 2000 organizations.
“We are thrilled to have a market leader such as IBM support quantitative risk management practices based on the FAIR model and join the FAIR Institute as a sponsor,” said Nicola (Nick) Sanna, President of the FAIR Institute.
Recently, IBM Security announced Risk Quantification Services, powered by FAIR and RiskLens, the enterprise-grade platform for FAIR implementation, to help clients identify, prioritize and quantify security risk as they weigh decisions such as deploying new technologies, making investments in their business and changing processes.
IBM's Risk Quantification Services can quantify risk by calculating the probability of a security event occurring, and the probable loss projection based on expected data loss, operational disruptions and business context. Organizations can also benefit from IBM's risk mitigation recommendations that are based on an analysis of value and impact by comparing their costs and expected risk reduction. IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services, supported by world-renowned IBM Security X-Force research.
About the FAIR Institute
The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard risk management practices based on FAIR. Factor Analysis of Information Risk (FAIR™) is the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. To learn more and get involved visit: www.fairinstitute.org.
About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
Director, Memberships and Programs